With LastPasssPassword Manager, you have to remember only one password, and it is the master password to access your password vault. That is why they advertise it as “The last password you have to remember”, you got your answer that you’ll have to remember only the master password while LastPass takes care of all your other passwords and even forms. This review of LastPass password manager for Windows will tell you if you can trust it and use it.
LastPass Password Manager review
It took a whole lot of months for me to decide to go for a password manager. Before that, I was storing all my passwords in an excel sheet that was renamed to look like a garbage document with no extension. Whenever I forgot the password for any particular site (I was not using hard passwords at that time), I changed the extension and opened it in Microsoft Excel. But I was still afraid that someone might figure it out and all my data would be stolen.
I needed a free password manager, so I went through the available options. The first one I used was a desktop version, and I had to enter the master password every time I had to login into any of the web services. Plus the fear of getting hacked and unknown people using my login data was too much for me to keep using the desktop password manager application. I researched a bit and found LastPass, a cloud-based solution.
Cloud-Based Password Manager
Being a cloud-based password manager, I had the option of accessing it from anywhere and on any computer in the world. I just had to remember my email ID and LastPass master password to use it from other computers. This looked perfect, so I went with it, with fears about the security lapses it might be having. What if somebody hooked up to LastPass servers? But then, it is possible that someone can hack any site and steal the credentials. It is happening with many sites – LinkedIn, Yahoo, and even Amazon!
It is a risk, but it still makes your daily computing, much easier. You get stronger passwords, and you don’t have to remember them. There are some problems too – which we will discuss in a while. As a cloud-based free password manager, LastPass is good – if not perfect. Speaking of perfect, nothing is 100% perfect when it comes to the Internet. Hackers keep on trying with different techniques, and there is always a possibility of a security breach that can reveal all your data to bad guys. What security measures does LastPass take, then, to avoid being compromised? Let us check them out in the next section.
Security in LastPass Password Manager
LastPass claims that no one knows your master password as it is not stored “as is” anywhere. It is hashed, and the value of the hash is stored so that LastPass knows that you have stored the correct password. I do not know if any other word or combination can provide the same hash (in which case, storing only hash is not much fruitful as others with similar can access your vault). I invite you to comment on whether two different passwords/passphrases can result in the same hash.
LastPass claims it uses AES 256 bit encryption to store your other passwords in the cloud. In their own words,
I highlighted the last sentence above as it raises doubts that someone has to clear (preferably from LastPass). If all encryption and decryption happen on my computer, does it make my password vault vulnerable by leaving traces of its actions?
You have to remember it. Nothing is 100% secure! A few years back, the LastPass website had faced a security breach. Then again, last year, a bug in LastPass’s Internet Explorer plug-in had exposed passwords of some users.
Features of LastPass
Before I talk about LastPass features, let me inform you that there are both free and paid versions of LastPass. In this article, we are talking only about the free version of LastPass, the cloud-based password manager.
The feature I like the most is password capture. When you sign up with a new website, LastPass prompts you to ask if you wish to save that password. If you say yes, you will get a dialog box to save the credentials and whether to autofill or autologin. If you have more than one account for a website, you can still store passwords separately on LastPass. In other words, it supports multiple accounts for almost all kinds of websites. That helps a lot but make sure you do not select “autologin” (when saving password) as it will not give you a chance to select what credentials to use. If you already selected autologin and are not able to use other accounts, you can open LastPass Vault and uncheck autologin.
Another feature is that it can capture the entire process of signing in. For banks and similar institutions, the login process is a bit different. LastPass allows you to capture all the sign-in processes so that you can auto login there too. Once you have the LastPass account, I recommend you view the Tutorials so that you know what all you can do to make your sign-in easier.
LastPass also has a password generator. It auto-detects when you are creating a password and offers you suggestions if you go for it. The new passwords can be customized with symbols and numbers, and you can also set a size for them. The best part is, once you have saved it, you do not need to remember it!
Finally, LastPass lets you import your passwords from other password managers. It supports a variety of formats so that you do not have to manually transfer data. Simply select import and select the file from other password managers and all data will be imported without human intervention. Similarly, LastPass also allows export of data just in case you wish to move to some other password manager like RoboForm, etc.
Problems With LastPass
I did not find any problems with LastPass except that some sites create problems while auto-signing in. Some sites have captcha, and there, you have to close the Lastpass dialog after it fills the password. After closing the Lastpass dialog, you can manually enter a captcha. Since the captcha changes every time you log in, I do not think there could be any way to capture such logins.
LastPass support is readily available on Twitter. Their handle is @Lastpass, and they offer a fast response. The above review of LastPass is meant as support in choosing a cloud-based password manager for you. If you have any thoughts, please share.
You can download LastPass from its official website. You can also get the extension for Chrome, Firefox, Internet Explorer & Opera browsers.